Risk management

Management of risk and material risks facing Petmin

Petmin’s Enterprise Risk Management (ERM) process is aligned with the principles of the global risk management standard ISO 31 000: 2009, which has been adopted by the South African Bureau of Standards as SANS 31 000:2009.

Petmin applies a risk management framework that effectively manages risk in all aspects of its operations, investments and projects.

Risk management process

Petmin’s approach to ERM is linked to its corporate strategy. Understanding company strategies and the related objectives of each management layer is a prerequisite to accurately identifying and managing the associated risks.

It is important to recognise that change brings uncertainty. Petmin’s risk management process inherently recognises this uncertainty. Every time a change is considered, the range of associated uncertainties, or risks, are identified, documented and managed following a Board-approved and systematic process.

This approach links all the risks facing Petmin to its objectives and generates positive accountable risk management at every level within the organisation.

The diagram below illustrates the strategic risk management cycles advocated by Petmin’s ERM framework.

Strategic process

Petmin’s risk assessment process

Petmin’s risk assessment process is consistently applied throughout the Group in all risk assessments at corporate, operational and investment level. The process entails the following:

Establishing the context
by determining, prior to performing the risk assessment, the key objectives, key stakeholders and all internal and external factors that could have an impact on the achievement of the objectives of the specific process or project; or the company’s strategic, operational and investment objectives
Identifying the risks
by considering their respective causes, consequences and current controls
Analysing the risks
by considering their consequences and the likelihood that the consequences could occur, in both instances taking into account the adequacy and the effectiveness of current controls in place. The approved Petmin severity and likelihood rating scale is used to perform this analysis across the Group in all risk assessments
Evaluating the risks
to determine if additional controls are required. The risk context, its relation to other risks, legislative requirements and financial impact are considered in order to determine justification for any additional treatment
Treating the risks
by considering the optimal treatment in order to respond to a particular risk and putting a plan in place to ensure complete and timely implementation of new controls
Monitoring and review
by monitoring the effectiveness of all steps of the risk management process and to promote continuous improvement. Risks and the effectiveness of treatment measures are monitored to ensure changing circumstances do not alter priorities.

All risks are recorded in risk registers at corporate, operational and investment level and these are updated continually whenever a change occurs which could impact on a specific risk issue or event. Risks which are deemed to be material are subjected to a more detailed risk Bow-tie analysis aimed at ensuring that there is a clear link between risk causes and controls.

Risk management reporting mechanism

The risk management process is continually monitored in terms of a risk management plan as approved by the executive team.

Management is accountable to the Audit and Risk Committee (ARC) for ensuring that risk management is embedded into the day-to-day activities of the business.

The Audit and Risk Committee assists the Board in carrying out its responsibility for the governance of risk. A detailed risk report is submitted for consideration at every ARC meeting, whereafter the board is updated on the continued effectiveness of the risk management process and on material risks facing the Group.

Financial year ending 2013: key risk management achievements

During the year under review, key milestones were achieved as part of a process of embedding risk management across the Group, as outlined below:

A detailed review of the Petmin risk register was conducted with additional mitigation actions identified by management to address these risks
A review of the investment risk register was conducted on NAIC with causes, impacts and controls identified for management to address
The Risk Severity/Likelihood Rating Scale was revised to provide more granularity
The Risk Management Policy was reviewed and updated to incorporate principles of Risk Appetite and Tolerance and ensure that the policy remains relevant
The Risk Appetite and Tolerance statement was approved by the Board
A Crisis and Emergency Management Plan and Strike Management Plan were developed and implemented
Bow-tie and control self-assessments were conducted on material risks identified
Internal Audit Terms of Reference, policy and framework were adopted by the ARC
Internal assurance was provided on technical risks through Petmin’s Technical Advisory and Review Committee (TAR C) and Internal Audit
A legal compliance software program on key mining legislation is being implemented
The Petmin insurance portfolio was reviewed and potential areas of improvement identified
Emerging risks identified across the globe by risk specialists were monitored, investigated and included in Petmin’s risk assessment process, where relevant
Management reviewed and updated the system to capture near misses and lessons learned

Petmin’s integrated assurance model

During the period under review, Petmin approved an integrated assurance model for implementation in line with the Group’s Enterprise Risk Management (ERM) Framework. The integrated approach will facilitate the optimal assurance obtained from management, internal and external assurance providers on the risks and exposures that may have a material impact on Petmin achieving its strategic objectives.

This assurance model is based on three key levels of defence:

1. Management-based assurance – provided by management through the provision and implementation of business strategies, performance measurements and reporting, internal controls (policies and procedures) and other governance and monitoring processes
2. Internal-based assurance – detailed formal review provided by internal assurance providers who are independent of the process under review (includes internal auditors)
3. External based assurance – formal review provided by external assurance providers who are independent of the company (includes external auditors, the Technical Advisory and Review Committee (TAR C), regulators and other professionally qualified specialists).

A formal process of logging all control or process improvement opportunities is to be implemented as the fourth line of defence to facilitate adequate monitoring of the timeliness and effectiveness of implementation of the necessary corrective action.

Internal Audit Assurance

During the year under review, an internal audit process was implemented to provide assurance through the second line of defence identified in Petmin’s Integrated Assurance Model.

As part of the internal audit function, an internal audit work plan was developed and presented to the ARC for approval. This work plan was based on discussions with management and external auditors and a review of the key risks and priorities identified in the Petmin risk register.

The focus during the financial year ending June 2013 was on reviewing the internal control processes over financial reporting at Somkhele. Audit test were conducted on 14 financial controls focusing on revenue, fixed assets, cash, purchases and fraud risks.

The internal audit findings concluded that no material control deficiencies were discovered. Matters of a housekeeping nature that were identified have been communicated to the ARC and, where appropriate, are being addressed by management.

Technical Advisory and Review Committee Assurance (TARC )

During the year under review, TAR C conducted a technical review of the effectiveness of the controls in place in order to treat the technical risks that might materially impact on the achievement of Petmin’s strategic objectives, its sustainability and profitability.

The following material risks were reviewed during this process:

Supply and demand dynamics and commodity price volatility
Variability of ore body

TARC’s assurance process included:

a review of the risk registers and risk management processes in place across the Group
independent competent person’s reports on reserves and resources of key mining areas at Somkhele
study of detailed mine plans and monthly operational reports
discussions with management at operations and at Petmin
review of monthly operational reports
review of offtake and other key sales contracts.

TARC’s overall finding on the risk process is that management is aware of the key risks facing the Group and has instituted controls and treatment actions where possible and manages the risks facing the Group appropriately.

Petmin’s risk appetite and tolerance

It is a requirement of King III (Principle 4.2) that the Board of Directors of a company should determine the levels of risk appetite and risk tolerance applicable to such company.

In the decision-making process around risk appetite, as well as the risk impacts relevant to the matter under consideration, the Petmin Board subscribes to a risk appetite methodology which takes into consideration the following:

The Company’s strategic objectives
The approved insurance programme and philosophy in general
Stakeholders expectations
The financial position of the Company as reflected in the most recent balance sheet
The Company’s Approval and Authority Framework
Key risk impacts associated with the specific matter being considered.

The methodology outlined in this guideline is applicable in all areas of the Company’s business. The process takes into consideration the skills, resources and technology required to manage and monitor risk exposures in the context of risk appetite.

This statement is a reflection of the Company’s willingness and capacity to take on risk in the pursuit of its business objectives (the “reward”), as well as a recognition that the reward must be balanced with a clear understanding of the consequences (loss or negative events), (the “risk”), associated with pursuing the opportunity identified.

An analysis of the “risk” versus “reward” equation shall be conducted and a rational decision taken about whether or not the issue fits within the risk appetite of Petmin.

Should any of the items listed above be compromised in determining the risk versus reward equation, a decision to still pursue such opportunity in the interest of the potential reward, and to tolerate such state of affairs in the interests of the potential reward, shall be taken at a level commensurate with the magnitude of the risk issue under consideration.

The Petmin risk profile is reviewed and approved by the Board on an annual basis or when there is a change in the business that will have a material impact on the achievement of the Company’s strategic objectives. Implicit in this review and approval is the approval of the risk appetite and tolerance levels of the risks reflected in the profile.

On an annual basis the Petmin Executive Committee reviews this Risk Appetite Statement. This is done by considering developments in the industry, changes in the strategic objectives of the Company, changes in the Company’s stakeholders and market conditions in general.


Petmin risk profile – bubble chart

The bubble chart below provides a snap shot of the material risks facing the Group as identified through a structured ERM process. These are the top 12 risks extracted from Petmin’s risk register which are reviewed and updated on a regular basis.

Petmin risk profile – bubble chart